Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,185 advisories

Loading
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-11002 was published for io.dropwizard:dropwizard-validation (Maven) Apr 10, 2020
pwntester
Potential Code Injection in Sprout Forms Critical
CVE-2020-11056 was published for barrelstrength/sprout-base-email (Composer) May 8, 2020
llamaonsecurity
HTTP response splitting in uvicorn High
CVE-2020-7695 was published for uvicorn (pip) Jul 29, 2020
Remote code execution in turn extension for TYPO3 High
CVE-2020-15515 was published for marcwillmann/turn (Composer) Jul 29, 2020
Server side template injection in Apache Camel High
CVE-2020-11994 was published for org.apache.camel:camel-robotframework (Maven) Jul 29, 2020
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Remote Code Execution in Red Discord Bot Moderate
CVE-2020-15140 was published for Red-DiscordBot (pip) Aug 21, 2020
douglascdev
Remote Code Execution in Red Discord Bot High
CVE-2020-15147 was published for Red-DiscordBot (pip) Aug 21, 2020
Jackenmen
Potential Command Injection in hubot-scripts Critical
CVE-2013-7378 was published for hubot-scripts (npm) Aug 31, 2020
Potential Command Injection in libnotify Critical
CVE-2013-7381 was published for libnotify (npm) Aug 31, 2020
HTML Injection in preact Moderate
GHSA-cg48-9hh2-x6mx was published for preact (npm) Sep 2, 2020
Users with SCRIPT right can execute arbitrary code in XWiki Low
CVE-2020-15171 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 10, 2020
Contao Insert tag injection in forms Moderate
CVE-2020-25768 was published for contao/contao (Composer) Sep 24, 2020
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
RCE in XWiki High
CVE-2020-15252 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Oct 16, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
convenient
Remote Code Execution in Apache Synapse Critical
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020
Remote code execution in dependabot-core branch names when cloning High
CVE-2020-26222 was published for dependabot-common (RubyGems) Nov 13, 2020
mrthankyou
Template injection in cron-utils Critical
CVE-2020-26238 was published for com.cronutils:cron-utils (Maven) Nov 24, 2020
pwntester
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
Server-Side Template Injection High
CVE-2020-26282 was published for com.browserup:browserup-proxy (Maven) Dec 24, 2020
pwntester dpowell
ProTip! Advisories are also available from the GraphQL API